CSOC Analyst

Job Description

  • Centralize and coordinate monitoring of cyber risks and management of security related incidents.
  • Perform periodic review of security logs and real time monitoring of cyber-attacks.
  • Shift duty to cover 24x7x365 on-call operations.
  • Actively monitor system logs and network traffic for unusual activity and provide recommendations for remediation.
  • Continuous monitoring and review of security events, reports, alerts and CSOC dashboards to identify anomalous patterns indicative of potential security incidents
  • Responsible for timely and effective response to, and management of, incidents, events, notifications, calls and other activities related to CSOC including Root Cause Analysis
  • Gather relevant information and provide actionable intelligence on potential cyber security threats and incidents
  • Prepare CSOC reports (for presentation if needed) on daily, weekly and monthly KRIs
  • Responsible for creation and fine-tuning of use-cases and alerts in the CSOC monitoring environment
  • Perform regular health checks on all CSOC systems and tools and ensure that all hosts are monitored and required security event logs are being collected
  • Take direction and guidance from InfoSec Management to build, support and update the CSOC playbooks/processes
  • Render support for the administration and configuration of security controls such as SIEM, Anti-virus software, network security devices, PAM, DLP, Vulnerability Management, etc.
  • Prepare security awareness messages, presentations and announcements for management, IT staff, and regular users
  • Participate in regular cyber drills and CSOC exercises
  • Identify and communicate daily all critical items requiring the attention of senior management and coordinate with relevant teams to provide necessary remediation action
  • Perform exception reviews, due diligence activities and risk assessment when required
  • Facilitate technology audit and control remediation activities to ensure items are closed in a timely manner
  • Manage all documentation related to information security incidents
  • Resolve technical security queries; research, investigate and provide control recommendations to address risk

Skills

  • Strong technical background across IT network technologies and protocols including TCP/IP, UDP, DNS, SMTP, PKI, etc.
  • Strong understanding of security operations concepts – perimeter defense, insider threat, kill chain analysis, threat hunting, security metrics, MITRE ATT&CK framework
  • Good understanding of Information Security principles, accepted practices and guidelines such as ISO 27001, PCI-DSS, NIST, SABSA, COBIT, CIS, and OWASP
  • Expert knowledge in collecting and analyzing Netflow & Firewall logs, IPS logs, OS security logs, PCAP, etc.
  • Subject matter expertise in threat management, security incident event management, incident response and handling, root cause analysis and online research / self-study
  • Experience in stakeholder engagement with excellent written and verbal communication skills
  • Can work effectively in a team environment or autonomously
  • Experience in APT detection, EPP/EDR, anti-malware, vulnerability scanning, DLP, and threat intelligence tools
  • Flexible to work in shifts to cover 24x7x365 on-call operations; able to work under high pressure

Required Qualifications:

  • B.Sc. degree in computer science/engineering or a related technical field
  • Skills: SIEM, Log management, Log analysis, Syslog, Network monitoring, Threat intelligence gathering, Network security, Windows security, Linux/Unix security, EDR, Vulnerability Scanning, CVSS, Ethical Hacking, Malware analysis, Technical research, MITRE ATT&CK, Cloud security, SOAR, Cyber-attack detection and analysis, SOC playbooks, DLP
  • Relevant Information Security certifications such as CCNA Cyber Ops, CySA+, CHFI, ECIR and GIAC is advantageous.

Required Experience:

  • 5 years of experience in IT System Administration, IT Application Development, or IT Network Security
  • 5 years prior work experience in a CSOC environment focused on event collection and analysis using SPLUNK
  • Hands-on experience in SPLUNK Administration and building use-cases; with working knowledge of Regular expressions (regex/regexp)
  • Experience in Application Development, Database Administration or Penetration Testing preferred.

Job Details

  • Job Location: Doha, Qatar
  • Company Industry: Banking
  • Company Type: Employer (Private Sector)
  • Employment Type: Full-time
  • Monthly Salary: Unspecified
  • Number of Vacancies: 1
